Hack Remote XP using Heap Overflow Attack

This module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using the Windows Media Player ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation to be higher than what is available on the heap (0x400 allocated by WINMM!winmmAlloc), which then allows either an "inc al" or "dec al" of a byte. This can be used to corrupt an array (CImplAry) we set up, and force the browser to confuse types from tagVARIANT objects, which yields remote code execution in the context of the user. Note: at this time, for the IE 8 target, you may choose either the JRE ROP or the msvcrt ROP to bypass DEP (Data Execution Prevention). Also, based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
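The root cause described above is a file-derived offset used to bump a byte inside a 0x400-byte heap buffer without checking it against the allocation size. The following is an added, simplified C model of that bug class next to its bounds-checked form; it is not winmm.dll's code, the Metasploit module's code, or the real MIDI event format, and the `midi_event_t` layout and the offset arithmetic are constructed assumptions.

```c
/* Added example: a simplified model of the bug class, not winmm.dll's actual parser.
 * A parsed event supplies a value that becomes an offset into a fixed 0x400-byte heap
 * buffer and is used to increment or decrement one byte there. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define HEAP_ALLOC_SIZE 0x400  /* the allocation size the write-up quotes */

/* Constructed, simplified event: which slot to touch and whether to "inc" or "dec" it. */
typedef struct {
    uint32_t index;  /* value taken straight from the untrusted file */
    int8_t   delta;  /* +1 (inc) or -1 (dec) */
} midi_event_t;

/* Offset derivation stands in for the real parser's arithmetic (assumption). */
static size_t event_offset(const midi_event_t *ev) {
    return (size_t)ev->index * 2u;
}

/* Vulnerable shape: trusts the derived offset, so a large index writes past the buffer. */
void apply_event_unchecked(uint8_t *buf, const midi_event_t *ev) {
    buf[event_offset(ev)] += (uint8_t)ev->delta;
}

/* Hardened shape: refuse any event whose offset is not inside the allocation. */
bool event_offset_in_bounds(const midi_event_t *ev, size_t alloc_size) {
    return event_offset(ev) < alloc_size;
}

int apply_event_checked(uint8_t *buf, size_t alloc_size, const midi_event_t *ev) {
    if (!event_offset_in_bounds(ev, alloc_size))
        return -1;  /* reject the malformed file instead of corrupting the heap */
    buf[event_offset(ev)] += (uint8_t)ev->delta;
    return 0;
}

/* Runs one in-bounds and one out-of-bounds constructed event through the checked path. */
int demo(void) {
    uint8_t *buf = calloc(HEAP_ALLOC_SIZE, 1);
    if (!buf) return 0;
    midi_event_t good = { .index = 0x10, .delta = 1 };        /* offset 0x20, inside */
    midi_event_t bad  = { .index = 0x7FFFFFFF, .delta = -1 }; /* far past 0x400 */
    int r_good = apply_event_checked(buf, HEAP_ALLOC_SIZE, &good);
    int r_bad  = apply_event_checked(buf, HEAP_ALLOC_SIZE, &bad);
    int result = (r_good == 0 && buf[0x20] == 1 && r_bad == -1);
    free(buf);
    return result;  /* 1 when the check accepts the good event and rejects the bad one */
}
```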


About me

I am Nirav Desai. I am the author of this blog. Now I am doing Electronics & Communication Engineering, but I am interested in the field of I.T. & Networking. I am also interested in web-application testing, penetration testing, blogging, and Search Engine Optimization (S.E.O.).